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What is claimed is: 

1. A method, comprising: 

identifying a set of virtual private network (VPN) customers, at least one 
mobile access point (MAP) and at least one customer premise equipment (CPE) 
5 associated with each VPN customer, and at least one IP service gateway (IPSG) 
for facilitating VPN tunneling between a MAP and a CPE, wherein each MAP is 
geographically remote from each IPSG; and 

selecting a subset of IPSGs to maximize total profit resulting from 
provisioning a subset of VPN customers on the selected IPSGs, wherein said total 
1 0 profit from all the customers comprises the sum of profits from each customer (/), 
where for each customer profit (U) equals weighted revenue (^ V') less cost {d), 
{lj=y V'Cf), wherein said cost per customer comprises a total tunnel bandwidth 
cost (C'c) from said MAP to said CPE, and a cost {dv) of provisioning an IPSG 
node. 

15 

2. The method of claim 1 , wherein ^ represents relative weight of revenue 
compared to total cost for customer /. 

3. The method of claim 1, wherein said total tunnel bandwidth cost comprises 
20 a dynamic tunnel bandwidth cost between said MAP and said provisioned IPSG, 

and a static tunnel bandwidth cost between said provisioned IPSG and said CPE. 

4. The method of claim 1 , wherein only a single tunnel is established between 
said provisioned IPSG and said CPE, even during instances where traffic from 

25 multiple MAPs are going through said provisioned IPSG to reach said CPE. 

5. The method of claim 1, wherein in an instance said provisioned IPSG sends 
traffic to more than one CPE, said provision cost is counted only once. 
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6. The method of claim 1 , wherein said cost per customer / is determined by 
C' = ^c'o + p Y^d' jk\ + aY,fjy' j , where c'j,is a bandwidth cost associated 

with sending traffic from a MAP node / to an IPSG nodey. dy^tis a bandwidth cost 
associated with sending traffic from said IPSG node; to said CPE node k, p 
5 represents a weighing factor with respect to said shared static tunnel, ^ is a 
provisioning cost associated with using said IPSG node j , / is a binary variable 
denoting whether said IPSG j is provisioned for a provisioned customer to send 
traffic to at least one of its CPEs. and a is a weighing factor for provision cost over 
total bandwidth cost. 



7. The method of claim 6, wherein said bandwidth cost (c'jf) associated with 
sending traffic from a MAP node / to an IPSG node y comprises the product of uiiit 
bandwidth cost (a,j) between said MAP node / and said IPSG nodey, and a sum of 

f ^ 



traffic 

15 through IPSG node/ 



from MAP node / to said CPE node kthat is directed 



8. The method of claim 6, wherein said bandwidth cost (d/n) associated with 
sending traffic from an IPSG node j to a CPE node k comprises the product of unit 
bandwidth cost (ey^) between said IPSG node y and said CPE node k, and a total 

20 amount of traffic [^s'^^^^j e g.VA: e from MAP node /to said CPE node /f that 
is directed through IPSG nodey. 



9. The method of claim 6, wherein said total amount of traffic j'.y* 



from 



MAP node / to said IPSG node j is less than or equal to total bandwidth capacity 
25 (g^;) between said MAP node /and said IPSG nodey. 
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10. The method of claim 6, wherein said total amount of traffic 



25 



from 



said IPSG node y to said CPE node k is less than or equal to total bandwidth 
capacity between said IPSG node j and said CPE node k. 

5 11. A virtual private network (VPN) system architecture, comprising: 

means for identifying a set of virtual private network (VPN) customers, at 
least one mobile access point (MAP) and at least one customer premise equipment 
(CPE) associated with each VPN customer, and at least one IP service gateway 
(IPSG) for facilitating VPN tunneling between a MAP and a CPE, wherein each 

10 MAP is geographically remote from each IPSG; and 

means for selecting a subset of IPSGs to maximize total profit resulting from 
provisioning a subset of VPN customers on the selected IPSGs, wherein said total 
profit from all the customers comprises the sum of profits from each customer (/), 
where for each customer profit ((/) equals weighted revenue {J^ V) less cost (C^, 

15 (t/=^ V'-C^, wherein said cost per customer comprises a total tunnel bandwidth 
cost (C'c) from said MAP to said CPE, and a cost (C'v) of provisioning an IPSG 
node. 

12. The method of claim 1 1 , wherein ^ represents relative weight of revenue 
20 compared to total cost for customer /. 

1 3. The method of claim 1 1 , wherein said total tunnel bandwidth cost comprises 
a dynamic tunnel bandwidth cost between said MAP and said provisioned IPSG, 
and a static tunnel bandwidth cost between said provisioned IPSG and said CPE. 



14. The method of claim 1 1 , whierein only a single tunnel is established between 
said provisioned IPSG and said CPE, even during instances where traffic from 
multiple MAPs are going through said provisioned IPSG to reach said CPE. 
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15. The method of claim 11, wherein in an instance said provisioned IPSG 
sends traffic to more than one CPE, said provision cost is counted only once. 

16. The method of claim 1 1 , wherein said cost per customer / is determined by 

5 C = ^c^ij +>5 X^'j* I'^^^fjy^J • where c^,jis a bandwidth cost associated 

with sending traffic from a MAP node / to an IPSG nodey, c/y^is a bandwidth cost 
associated with sending traffic from said IPSG node y to said CPE node k, J3 
represents a weighing factor with respect to said shared static tunnel, ^ is a 
provisioning cost associated with using said IPSG node, j/y is a binary variable 
10 denoting whether said IPSG j is provisioned for a provisioned customer to send 
traffic to at least one of its CPEs, and a is a weighing factor for provision cost over 

total bandwidth cost. j 

■I 

17. The method of claim 16, wherein said bandwidth cost {cfg) associated wit'h 

1 5 sending traffic from a MAP node / to an IPSG node ) comprises the product of unit 
bandwidth cost (a,j) between said MAP node / and said IPSG node j\ and a sum of 



traffic 
through IPSG node / 



from MAP node / to said CPE node k that is directed 



20 18. The method of claim 16, wherein said bandwidth cost (dyif) associated with 
sending traffic from an IPSG node y to a CPE node k comprises the product of unit 
bandwidth cost {e%) between said IPSG node j and said CPE node /c, and a total 

amount of traffic ^^s'ok^Vj e g, VA: e i?/ J from MAP node / to said CPE node k that 
is directed through IPSG node / 

25 
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1 9. The method of claim 16, wherein said total amount of traffic 



from 



MAP node / to said IPSG node j is less than or equal to total bandwidth capacity 
between said MAP node /to said IPSG node;. 



5 20. The method of claim 16, wherein said total amount of traffic ^^'y* 



from 



said IPSG node 7 to said CPE node k is less than or equal to total bandwidth 
capacity (/7;/c) between said IPSG node j and said CPE node k. 

21 . The system architecture of claim 1 1 , wherein said MAPs provide dynamic 
10 switching and routing of data connections, while said IPSGs provide VPN services. 

22. A computer readable medium for storing instructions that, when executed by 
a processor, perform a method for optimally provisioning connectivity for network- 
based mobile virtual private network (VPN) services, comprising 

15 identifying a set of virtual private network (VPN) customers, at least one 

mobile access point (MAP) and at least one customer premise equipment (CPE) 
associated with each VPN customer, and at least one IP service gateway (IPSG) 
for facilitating VPN tunneling between a MAP and a CPE, wherein each said MAP 
is geographically remote from each said IPSG; and 

20 selecting a subset of IPSGs to maximize total profit resulting from provisioning a 
subset of VPN customers on the selected IPSGs, wherein said total profit from all 
the customers comprises the sum of profits from each customer (/), where for each 
customer profit (l/) equals weighted revenue (J ^Z) less cost {d) ((/=^ V'-C), 
wherein said cost per customer comprises a total tunnel bandwidth cost (C'c) from 

25 said MAP to said CPE, and a cost {dy) of provisioning an IPSG node. 
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